Prosím o kontrolu

Zpráva

Hron · #1 Příspěvek od **Hron** » 19 úno 2013 18:00

Dobrý den,
nedávno se mi náhle zpomalil notebook na čtvrtinu a hledám příčinu.

Proto zde prosím o kontrolu, zda není chyba v něčem, co se dá tímhle způsobem objevit.

Děkuji za zkontrolování.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-02-19 17:49:08
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 141 GB (46%) free of 305 GB
Total RAM: 3071 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:49:24, on 19.2.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 81.0.254.162 L2authd.Lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/56.12/uploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - file:///C:/Lukas/Apps/The%20Tournament%20Director/comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60E495CE-C67C-43F6-BA24-014D27BD9124}: NameServer = 172.22.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10666 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe"
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\svchost.exe -k secsvcs
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Opera\opera.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WLANExt.exe 82846096
\??\C:\Windows\system32\conhost.exe "-1689033959-10383873-1603486306-1138023944516412583-2128574844-14958000611857958721
"C:\Windows\system32\wuauclt.exe"
"taskhost.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe64_ Global\UsGthrCtrlFltPipeMssGthrPipe64 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\Administrator\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default

prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT10986 ... hSource=13"
prefs.js - "extensions.enabledItems" - "{ecdee021-0d17-467f-a1ff-c7a115230949}:2.5.6.0, DTToolbar@toolbarnet.com:1.1.2.0185, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.149 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.149 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\extensions\
DTToolbar@toolbarnet.com
{ecdee021-0d17-467f-a1ff-c7a115230949}

C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\searchplugins\
conduit.xml
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 77576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-09-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files (x86)\free-downloads.net\tbfree.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2010-03-25 1548096]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files (x86)\free-downloads.net\tbfree.dll [2009-12-31 2349080]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-08-19 16333856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"OscarEditor"=C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe [2012-03-20 3340288]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe [2013-02-08 699248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3FWHZQA3LT]
C:\Users\Administrator\AppData\Local\Temp\Vqh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-12-19 41208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
C:\Windows\BisonCam\BisonHK.exe [2007-03-15 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
C:\Windows\BisonCam\BsMnt.exe [2007-03-15 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdaterPro]
C:\Program Files (x86)\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe [2010-03-19 2766848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [2007-05-21 124512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Metropolis]
C:\Windows\system32\sshnas21.dll,GetHandle []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Lukas\Hry\Rockstar\Rockstar Games Social Club\RGSCLauncher.exe /silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2012-12-19 1354736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~2\Xfire\Xfire.exe [2006-06-07 4154504]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-05-06 2815192]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-12-19 41208]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"googletalk"=C:\Program Files (x86)\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-02-19 17:49:12 ----D---- C:\Program Files\trend micro
2013-02-19 17:49:08 ----D---- C:\rsit
2013-02-16 22:03:45 ----A---- C:\Windows\system32\FNTCACHE.DAT
2013-02-16 20:40:10 ----RD---- C:\Program Files (x86)\Skype
2013-02-13 12:23:43 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-02-13 12:23:41 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-02-13 12:23:40 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-02-13 12:23:33 ----A---- C:\Windows\system32\win32k.sys
2013-02-13 12:23:25 ----A---- C:\Windows\system32\ieframe.dll
2013-02-13 12:23:22 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-02-13 12:23:19 ----A---- C:\Windows\system32\mshtml.dll
2013-02-13 12:23:17 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-02-13 12:23:15 ----A---- C:\Windows\system32\wininet.dll
2013-02-13 12:23:14 ----A---- C:\Windows\system32\iertutil.dll
2013-02-13 12:23:13 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-02-13 12:23:13 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-02-13 12:23:12 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-02-13 12:23:12 ----A---- C:\Windows\system32\msfeeds.dll
2013-02-13 12:23:11 ----A---- C:\Windows\system32\urlmon.dll
2013-02-13 12:23:09 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-02-13 12:23:07 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-02-13 12:23:07 ----A---- C:\Windows\system32\mshtmled.dll
2013-02-13 12:23:06 ----A---- C:\Windows\SYSWOW64\url.dll
2013-02-13 12:23:06 ----A---- C:\Windows\system32\url.dll
2013-02-13 12:23:05 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-02-13 12:23:05 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-02-13 12:23:05 ----A---- C:\Windows\system32\jsproxy.dll
2013-02-13 12:23:05 ----A---- C:\Windows\system32\ieui.dll
2013-02-13 12:22:59 ----A---- C:\Windows\system32\winsrv.dll
2013-02-13 12:22:58 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-02-13 12:22:57 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-02-13 12:22:57 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-02-13 12:22:57 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-02-13 12:22:54 ----A---- C:\Windows\SYSWOW64\user.exe
2013-02-13 12:22:45 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-02-13 12:22:44 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2013-01-31 20:55:09 ----A---- C:\ProgramData\ra3.ini

======List of files/folders modified in the last 1 month======

2013-02-19 17:49:12 ----RD---- C:\Program Files
2013-02-19 17:48:47 ----D---- C:\Windows\Temp
2013-02-19 17:48:39 ----D---- C:\Windows\Prefetch
2013-02-19 17:39:40 ----D---- C:\Users\Administrator\AppData\Roaming\Skype
2013-02-19 11:46:29 ----D---- C:\Windows\system32\config
2013-02-19 00:34:53 ----D---- C:\Users\Administrator\AppData\Roaming\vlc
2013-02-18 23:11:08 ----D---- C:\ProgramData\PMB Files
2013-02-18 17:28:16 ----D---- C:\Users\Administrator\AppData\Roaming\dvdcss
2013-02-17 20:48:31 ----D---- C:\Windows\Microsoft.NET
2013-02-17 18:27:05 ----RSD---- C:\Windows\assembly
2013-02-17 13:29:58 ----D---- C:\Windows\system32\LogFiles
2013-02-16 22:05:27 ----D---- C:\Windows\winsxs
2013-02-16 22:05:22 ----D---- C:\Windows\inf
2013-02-16 22:04:16 ----D---- C:\Windows
2013-02-16 22:03:45 ----D---- C:\Windows\System32
2013-02-16 22:01:03 ----D---- C:\Windows\SysWOW64
2013-02-16 22:01:02 ----D---- C:\Windows\SYSWOW64\migration
2013-02-16 22:01:02 ----D---- C:\Program Files (x86)\Internet Explorer
2013-02-16 22:01:01 ----D---- C:\Windows\system32\migration
2013-02-16 22:01:01 ----D---- C:\Program Files\Internet Explorer
2013-02-16 22:01:00 ----D---- C:\Windows\system32\drivers
2013-02-16 22:01:00 ----D---- C:\Windows\AppPatch
2013-02-16 21:50:12 ----D---- C:\Windows\debug
2013-02-16 21:50:08 ----A---- C:\Windows\system32\MRT.exe
2013-02-16 21:50:01 ----SHD---- C:\Windows\Installer
2013-02-16 21:41:07 ----SHD---- C:\System Volume Information
2013-02-16 20:40:21 ----D---- C:\ProgramData\Skype
2013-02-16 20:40:10 ----RD---- C:\Program Files (x86)
2013-02-16 20:40:10 ----D---- C:\Program Files (x86)\Common Files
2013-02-15 09:14:19 ----D---- C:\Program Files (x86)\Opera
2013-02-13 12:22:37 ----D---- C:\Windows\system32\catroot
2013-02-13 12:22:19 ----D---- C:\Windows\system32\catroot2
2013-02-09 14:12:09 ----AHD---- C:\ProgramData
2013-02-08 18:36:18 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-02-07 16:45:31 ----HD---- C:\Windows\system32\GroupPolicy
2013-02-06 19:38:02 ----D---- C:\ProgramData\CanonIJPLM
2013-01-31 21:21:09 ----D---- C:\Program Files (x86)\Steam
2013-01-31 21:20:48 ----D---- C:\Windows\Logs
2013-01-31 20:55:18 ----D---- C:\ProgramData\Electronic Arts
2013-01-26 14:24:42 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-11 834544]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [2012-11-06 2715824]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-05-06 28752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-05-06 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-05-06 51280]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 SbFw;SbFw; C:\Windows\system32\drivers\SbFw.sys [2011-04-05 253528]
R1 SbTis;SbTis; C:\Windows\system32\drivers\sbtis.sys [2011-04-05 94296]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-07-22 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-07-22 358144]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-05-06 22096]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-05-06 63568]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-12 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-12 43680]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 47632]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2007-08-13 11576]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
R3 Cam5603D;BisonCam, NB Pro; C:\Windows\System32\Drivers\BisonCam.sys [2007-08-21 742312]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2010-01-13 7520256]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\Windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-07-22 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-07-22 95232]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2008-01-24 22024]
S0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys []
S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Users\Administrator\Desktop\OP\Hry\Garena Plus\Room\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 33856]
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2009-10-06 25088]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2009-10-06 12288]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2009-10-06 172544]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2009-10-06 18944]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\Windows\syswow64\NSNDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service; C:\Windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]
S3 sbhips;sbhips; C:\Windows\system32\drivers\sbhips.sys [2011-04-05 60504]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 5504]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2009-10-06 8704]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2009-10-06 8704]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2008-01-24 32776]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-01-19 1420560]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2010-04-05 116104]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
R2 NMSAccess;NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-19 382496]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2009-12-10 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2009-12-11 214816]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-01-19 831760]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe [2012-11-06 551896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-03 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-09-29 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-08 251248]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-03 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-04-16 403240]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2008-07-29 4737024]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 19 úno 2013 18:32

Zdravim

Pricin je nekolik - jednak havet, jedna zbytecnosti - oboji poresime

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Search
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Hron · #3 Příspěvek od **Hron** » 19 úno 2013 19:44

Děkuji, že mi pomáháte.

Notebook jsem dostal po někom se 100% obsazeným harddiskem a vím, že ne vše jsem odstranil a i to, že ne vše co jsem odstranil jsem odstranil správně. A to mluvím jen o věcech nalezitelných běžným uživatelem...

Takže pročištění bude něco opravdu úžasného. Ještě jednou děkuji...

Výpis RogueKiller:
RogueKiller V8.5.1 [Feb 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 02/19/2013 19:33:06
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{60E495CE-C67C-43F6-BA24-014D27BD9124} : NameServer (172.22.1.1) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{60E495CE-C67C-43F6-BA24-014D27BD9124} : NameServer (172.22.1.1) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
216.107.250.194 nprotect.lineage2.com
81.0.254.162 L2authd.Lineage2.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] f48bf7b267b50e21f82abededdbd09d4
[BSP] 2be1cf2470448f251cbf3805e5d3f7e1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02192013_02d1933.txt >>
RKreport[1]_S_02192013_02d1933.txt

Výpis AdwCleaner
# AdwCleaner v2.112 - Logfile created 02/19/2013 at 19:34:15
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Administrator - OP
# Boot Mode : Normal
# Running from : C:\Users\Administrator\Desktop\adwcleaner0.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\searchplugins\Conduit.xml
File Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\searchplugins\daemon-search.xml
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\free-downloads.net
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\Conduit
Folder Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\CT1098640
Folder Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
Folder Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\extensions\DTToolbar@toolbarnet.com

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\free-downloads.net
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1098640
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\free-downloads.net
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{75D8C08E-33FB-4A28-9303-BECC47DA3803}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75D8C08E-33FB-4A28-9303-BECC47DA3803}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\free-downloads.net Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKU\S-1-5-21-3149879176-4258568144-3479067292-500\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKU\S-1-5-21-3149879176-4258568144-3479067292-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640

-\\ Mozilla Firefox v3.6 (cs)

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\prefs.js

Found : user_pref("CT1098640.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1098640.CTID", "CT1098640");
Found : user_pref("CT1098640.CommunitiesChangesLastCheckTime", "Fri Jun 15 2012 23:43:07 GMT+0200 (Central E[...]
Found : user_pref("CT1098640.CurrentServerDate", "16-6-2012");
Found : user_pref("CT1098640.DialogsAlignMode", "LTR");
Found : user_pref("CT1098640.DownloadDomainsListLastCheckTime", "Fri Jun 15 2012 23:43:08 GMT+0200 (Central [...]
Found : user_pref("CT1098640.FirstServerDate", "16-6-2012");
Found : user_pref("CT1098640.FirstTime", true);
Found : user_pref("CT1098640.FirstTimeFF3", true);
Found : user_pref("CT1098640.FixPageNotFoundErrors", true);
Found : user_pref("CT1098640.GroupingServerCheckInterval", 1440);
Found : user_pref("CT1098640.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1098640.Initialize", true);
Found : user_pref("CT1098640.InitializeCommonPrefs", true);
Found : user_pref("CT1098640.InstalledDate", "Fri Jun 15 2012 23:43:07 GMT+0200 (Central Europe Daylight Tim[...]
Found : user_pref("CT1098640.IsGrouping", false);
Found : user_pref("CT1098640.IsMulticommunity", true);
Found : user_pref("CT1098640.IsOpenThankYouPage", false);
Found : user_pref("CT1098640.IsOpenUninstallPage", true);
Found : user_pref("CT1098640.LanguagePackLastCheckTime", "Fri Jun 15 2012 23:43:09 GMT+0200 (Central Europe [...]
Found : user_pref("CT1098640.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT1098640.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT1098640.LastLogin_2.5.6.0", "Fri Jun 15 2012 23:43:09 GMT+0200 (Central Europe Daylight[...]
Found : user_pref("CT1098640.LatestVersion", "3.13.0.6");
Found : user_pref("CT1098640.Locale", "en-us");
Found : user_pref("CT1098640.LoginCache", 4);
Found : user_pref("CT1098640.MCDetectTooltipHeight", "83");
Found : user_pref("CT1098640.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT1098640.MCDetectTooltipWidth", "295");
Found : user_pref("CT1098640.SHRINK_TOOLBAR", 1);
Found : user_pref("CT1098640.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT1098640&SearchSource=13");
Found : user_pref("CT1098640.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT1098640.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1098640.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT109[...]
Found : user_pref("CT1098640.SearchInNewTabEnabled", true);
Found : user_pref("CT1098640.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT1098640.SearchInNewTabLastCheckTime", "Fri Jun 15 2012 23:43:09 GMT+0200 (Central Europ[...]
Found : user_pref("CT1098640.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT1098640.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT1098640.SettingsCheckIntervalMin", 120);
Found : user_pref("CT1098640.SettingsLastCheckTime", "Fri Jun 15 2012 23:43:07 GMT+0200 (Central Europe Dayl[...]
Found : user_pref("CT1098640.SettingsLastUpdate", "1326723880");
Found : user_pref("CT1098640.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT1098640.ThirdPartyComponentsLastCheck", "Fri Jun 15 2012 23:43:07 GMT+0200 (Central Eur[...]
Found : user_pref("CT1098640.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT1098640.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Found : user_pref("CT1098640.UserID", "UN97995114332793620");
Found : user_pref("CT1098640.clientLogIsEnabled", false);
Found : user_pref("CT1098640.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT1098640.myStuffEnabled", true);
Found : user_pref("CT1098640.myStuffPublihserMinWidth", 400);
Found : user_pref("CT1098640.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1098640.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1098640.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1098640.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT1098640");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1098640");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 15 2012 23:43:07 GMT+0200 (Central E[...]
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "{dce18fed-1669-4de5-a940-0de75eb6edd3}");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jun 15 2012 23:43:09 GMT+0200 (Cen[...]
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1098640");
Found : user_pref("browser.search.defaultthis.engineName", "free-downloads.net Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&Sea[...]
Found : user_pref("browser.search.selectedEngine", "free-downloads.net Customized Web Search");
Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1098640&SearchSource=13");

-\\ Opera v12.14.1738.0

File : C:\Users\Administrator\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11261 octets] - [19/02/2013 19:34:15]

########## EOF - C:\AdwCleaner[R1].txt - [11322 octets] ##########

#4 Příspěvek od **vyosek** » 19 úno 2013 19:50

Spustte znovu RogueKiller

Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Delete
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Hron · #5 Příspěvek od **Hron** » 19 úno 2013 20:29

RogueKiller po smazání
RogueKiller V8.5.1 [Feb 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 02/19/2013 20:11:55
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{60E495CE-C67C-43F6-BA24-014D27BD9124} : NameServer (172.22.1.1) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{60E495CE-C67C-43F6-BA24-014D27BD9124} : NameServer (172.22.1.1) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
216.107.250.194 nprotect.lineage2.com
81.0.254.162 L2authd.Lineage2.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] f48bf7b267b50e21f82abededdbd09d4
[BSP] 2be1cf2470448f251cbf3805e5d3f7e1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02192013_02d2011.txt >>
RKreport[1]_S_02192013_02d2010.txt ; RKreport[2]_D_02192013_02d2011.txt

RogueKiller po Oprava Host
RogueKiller V8.5.1 [Feb 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : HOSTSFix -- Date : 02/19/2013 20:12:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
216.107.250.194 nprotect.lineage2.com
81.0.254.162 L2authd.Lineage2.com

¤¤¤ Reset HOSTS: ¤¤¤

AdwCleaner
# AdwCleaner v2.112 - Logfile created 02/19/2013 at 20:16:42
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Administrator - OP
# Boot Mode : Normal
# Running from : C:\Users\Administrator\Desktop\RSIT\adwcleaner0.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\searchplugins\daemon-search.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\free-downloads.net
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\Conduit
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\CT1098640
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\extensions\DTToolbar@toolbarnet.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\free-downloads.net
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1098640
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\free-downloads.net
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{75D8C08E-33FB-4A28-9303-BECC47DA3803}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75D8C08E-33FB-4A28-9303-BECC47DA3803}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\free-downloads.net Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640 --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6 (cs)

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\prefs.js

Deleted : user_pref("CT1098640.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1098640.CTID", "CT1098640");
Deleted : user_pref("CT1098640.CommunitiesChangesLastCheckTime", "Fri Jun 15 2012 23:43:07 GMT+0200 (Central E[...]
Deleted : user_pref("CT1098640.CurrentServerDate", "16-6-2012");
Deleted : user_pref("CT1098640.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1098640.DownloadDomainsListLastCheckTime", "Fri Jun 15 2012 23:43:08 GMT+0200 (Central [...]
Deleted : user_pref("CT1098640.FirstServerDate", "16-6-2012");
Deleted : user_pref("CT1098640.FirstTime", true);
Deleted : user_pref("CT1098640.FirstTimeFF3", true);
Deleted : user_pref("CT1098640.FixPageNotFoundErrors", true);
Deleted : user_pref("CT1098640.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1098640.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1098640.Initialize", true);
Deleted : user_pref("CT1098640.InitializeCommonPrefs", true);
Deleted : user_pref("CT1098640.InstalledDate", "Fri Jun 15 2012 23:43:07 GMT+0200 (Central Europe Daylight Tim[...]
Deleted : user_pref("CT1098640.IsGrouping", false);
Deleted : user_pref("CT1098640.IsMulticommunity", true);
Deleted : user_pref("CT1098640.IsOpenThankYouPage", false);
Deleted : user_pref("CT1098640.IsOpenUninstallPage", true);
Deleted : user_pref("CT1098640.LanguagePackLastCheckTime", "Fri Jun 15 2012 23:43:09 GMT+0200 (Central Europe [...]
Deleted : user_pref("CT1098640.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1098640.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1098640.LastLogin_2.5.6.0", "Fri Jun 15 2012 23:43:09 GMT+0200 (Central Europe Daylight[...]
Deleted : user_pref("CT1098640.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT1098640.Locale", "en-us");
Deleted : user_pref("CT1098640.LoginCache", 4);
Deleted : user_pref("CT1098640.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1098640.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1098640.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1098640.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT1098640.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT1098640&SearchSource=13");
Deleted : user_pref("CT1098640.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT1098640.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1098640.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT109[...]
Deleted : user_pref("CT1098640.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1098640.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1098640.SearchInNewTabLastCheckTime", "Fri Jun 15 2012 23:43:09 GMT+0200 (Central Europ[...]
Deleted : user_pref("CT1098640.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1098640.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT1098640.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT1098640.SettingsLastCheckTime", "Fri Jun 15 2012 23:43:07 GMT+0200 (Central Europe Dayl[...]
Deleted : user_pref("CT1098640.SettingsLastUpdate", "1326723880");
Deleted : user_pref("CT1098640.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1098640.ThirdPartyComponentsLastCheck", "Fri Jun 15 2012 23:43:07 GMT+0200 (Central Eur[...]
Deleted : user_pref("CT1098640.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT1098640.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT1098640.UserID", "UN97995114332793620");
Deleted : user_pref("CT1098640.clientLogIsEnabled", false);
Deleted : user_pref("CT1098640.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT1098640.myStuffEnabled", true);
Deleted : user_pref("CT1098640.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1098640.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1098640.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1098640.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1098640.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1098640");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1098640");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 15 2012 23:43:07 GMT+0200 (Central E[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{dce18fed-1669-4de5-a940-0de75eb6edd3}");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jun 15 2012 23:43:09 GMT+0200 (Cen[...]
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1098640");
Deleted : user_pref("browser.search.defaultthis.engineName", "free-downloads.net Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&Sea[...]
Deleted : user_pref("browser.search.selectedEngine", "free-downloads.net Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1098640&SearchSource=13");

-\\ Opera v12.14.1738.0

File : C:\Users\Administrator\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11382 octets] - [19/02/2013 19:34:15]
AdwCleaner[S1].txt - [11294 octets] - [19/02/2013 20:16:42]

########## EOF - C:\AdwCleaner[S1].txt - [11355 octets] ##########

#6 Příspěvek od **vyosek** » 19 úno 2013 23:44

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

Hron · #7 Příspěvek od **Hron** » 20 úno 2013 14:25

Extras
OTL Extras logfile created on: 20.2.2013 9:12:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,39% Memory free
6,00 Gb Paging File | 4,51 Gb Available in Paging File | 75,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 138,06 Gb Free Space | 46,33% Space Free | Partition Type: NTFS
Drive Z: | 984,31 Gb Total Space | 58,29 Gb Free Space | 5,92% Space Free | Partition Type: NTFS

Computer Name: OP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3149879176-4258568144-3479067292-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CF9ECF-FFDB-46B6-8178-56B7F29F78A7}" = lport=6937 | protocol=17 | dir=in | name=league of legends launcher |
"{03816075-3403-4AA2-B234-6CBBD91DE3F3}" = lport=6970 | protocol=17 | dir=in | name=league of legends launcher |
"{0404A16F-5D9C-4766-90A4-6768A681C3EA}" = lport=445 | protocol=6 | dir=in | app=system |
"{06C41BF9-AE87-4BBF-9351-EE61B4AFB3A2}" = lport=8376 | protocol=17 | dir=in | name=league of legends launcher |
"{073A7A56-0582-4A26-ACDE-2FBDDE7ADAC5}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{0E5B47F8-BA09-4E90-8B42-7E8381DD42AF}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher |
"{20DFFABA-5970-4745-9577-3AEDB21CF890}" = lport=8374 | protocol=17 | dir=in | name=league of legends launcher |
"{2136F237-302F-44D6-8360-B2080AF99615}" = lport=8374 | protocol=6 | dir=in | name=league of legends launcher |
"{29EAF789-E5C9-432A-8B8A-9BD1FA7ADDFC}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher |
"{2B543138-5676-4C3C-AD71-04A3D661786E}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher |
"{2ED9F415-3579-49A9-BEDD-7A4644F2139C}" = rport=138 | protocol=17 | dir=out | app=system |
"{2FEE7008-77BF-4159-85FD-080FB5807DC6}" = lport=6934 | protocol=6 | dir=in | name=league of legends launcher |
"{39ABD400-4B2E-486F-915A-397686B35A3F}" = lport=8376 | protocol=6 | dir=in | name=league of legends launcher |
"{3A23DAF3-9F4B-4EAC-AB26-FCEF462E7304}" = lport=6919 | protocol=6 | dir=in | name=league of legends launcher |
"{3FAA0EE4-C1FC-4936-A8AA-00B525A0D1C0}" = lport=6970 | protocol=6 | dir=in | name=league of legends launcher |
"{3FE8AE5D-8CF2-4255-89AA-B9B5FDD01ABB}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher |
"{41779088-A2A6-4AF2-9357-A36805E351FF}" = rport=139 | protocol=6 | dir=out | app=system |
"{434481FE-E890-45A2-B5CD-B17F5F8D7676}" = lport=6916 | protocol=6 | dir=in | name=league of legends launcher |
"{4578FA67-9537-44A1-A0A6-59833356330D}" = lport=6943 | protocol=6 | dir=in | name=league of legends launcher |
"{487ECECD-6626-4817-B1D3-34F521307FD2}" = lport=6899 | protocol=17 | dir=in | name=league of legends launcher |
"{4927354E-609A-4117-B182-C258C0224DFE}" = lport=8375 | protocol=6 | dir=in | name=league of legends launcher |
"{4C56715D-B1AB-4595-9E5E-3154D0750711}" = lport=8376 | protocol=17 | dir=in | name=league of legends launcher |
"{4E85D21D-DE8B-4D88-90DA-8B51A65FE01B}" = lport=6982 | protocol=6 | dir=in | name=league of legends launcher |
"{4F2766DF-FE55-442F-8C65-36760533D76B}" = lport=8375 | protocol=6 | dir=in | name=league of legends launcher |
"{5CA89FFE-F32D-4091-A26A-5F51DBBBA2D2}" = lport=6976 | protocol=17 | dir=in | name=league of legends launcher |
"{5DA178A2-3412-4298-A49F-676C5B40482F}" = lport=8377 | protocol=6 | dir=in | name=league of legends launcher |
"{5DC45EA6-35F9-40E5-91D5-F60543685AB3}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher |
"{5F28CF68-1E6B-4308-B23C-94FE16C3C373}" = lport=6985 | protocol=6 | dir=in | name=league of legends launcher |
"{634EE931-BCD2-4C9A-9B7A-EC806FACFA54}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher |
"{642D1F47-9C26-42D4-AC5A-EC7C25BB71B7}" = lport=8376 | protocol=6 | dir=in | name=league of legends launcher |
"{70306CD6-FFB1-473A-AAF1-8D3957CB0C10}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{729DF54D-09E2-4BBF-AFC0-9BF2593D7216}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher |
"{75A6E9D3-4AE7-46DD-844B-E0AE042B0150}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{7ED07406-1E2A-4F04-9EC5-A34570EC48EA}" = lport=6937 | protocol=6 | dir=in | name=league of legends launcher |
"{7EEB6BCE-3CD9-446B-BCFA-CB709DB23038}" = lport=6986 | protocol=6 | dir=in | name=league of legends launcher |
"{80B4B8BB-0CF2-4A06-AC12-446B6B5A5FAE}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher |
"{81C0650B-C30F-48FF-8A27-FF5F7924D902}" = lport=6916 | protocol=17 | dir=in | name=league of legends launcher |
"{83B77184-142E-4B71-9B5B-B68ADD2B1E1D}" = lport=6909 | protocol=6 | dir=in | name=league of legends launcher |
"{86B52E0A-BEBF-4729-A74D-BF0541025D9D}" = lport=6886 | protocol=17 | dir=in | name=league of legends launcher |
"{87154A66-DB67-42C8-BA32-F8C4DFD6078F}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher |
"{88AEF19A-BED7-4579-A647-5CA933553982}" = lport=6891 | protocol=6 | dir=in | name=league of legends launcher |
"{8AFB0352-6FF7-41ED-A381-7B49FEF14107}" = lport=6934 | protocol=17 | dir=in | name=league of legends launcher |
"{8B3E4BDA-D463-4815-B515-B5EF934645B1}" = lport=139 | protocol=6 | dir=in | app=system |
"{8E5AA010-1970-4CB5-B891-4AA7DCC574CD}" = lport=6986 | protocol=17 | dir=in | name=league of legends launcher |
"{8F818116-6ABD-48F5-BBC7-9C7F439EC40E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{9AEEC01A-F180-4430-811E-E19F4825DBEE}" = lport=8373 | protocol=17 | dir=in | name=league of legends launcher |
"{9FB12BBA-F43E-45B1-A6E6-240657D77721}" = lport=6982 | protocol=17 | dir=in | name=league of legends launcher |
"{A58D1FB2-6A80-4BF4-B111-04CE41B82614}" = lport=6920 | protocol=6 | dir=in | name=league of legends launcher |
"{A793F0FC-E044-4C8B-9CAB-8ACFF60D91EA}" = lport=8375 | protocol=17 | dir=in | name=league of legends launcher |
"{A7DE4CF4-55FB-4431-9E5B-BDD510D318F0}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher |
"{A8A83F52-B2F6-4F1F-BA0A-0426FA7D3E49}" = lport=6886 | protocol=6 | dir=in | name=league of legends launcher |
"{A935E27A-D647-4E1F-B38A-995385173357}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A93D2C95-8FB4-4785-852E-3CAE17870614}" = lport=6976 | protocol=6 | dir=in | name=league of legends launcher |
"{ABB77513-83C4-4C99-AB36-02B4D1A578D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF89155B-D73F-4ACD-99C6-82CCEBF35737}" = lport=137 | protocol=17 | dir=in | app=system |
"{B317956C-FD72-4D5D-AF0F-ED5942DDA07C}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher |
"{B7A04963-EA5C-4760-8A05-37ADE03ABEE6}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher |
"{B8318ED7-1179-48D2-8A70-A2AC4DBE7720}" = lport=58037 | protocol=6 | dir=in | name=pando media booster |
"{B92D078F-8C7A-4780-833D-E88E0DA43542}" = lport=6919 | protocol=17 | dir=in | name=league of legends launcher |
"{BCEC00DF-B080-4D28-9E3A-DBE829B8255D}" = lport=6985 | protocol=17 | dir=in | name=league of legends launcher |
"{BE7EF98D-87CA-44D1-B3D5-5D38184AE7AD}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher |
"{BEE523FE-6425-4058-9385-AFF636DA5151}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher |
"{C2A191AC-2107-497B-BE64-CCF429B54611}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C872386E-7508-43C3-BA34-F060820D8E02}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9985EF1-5930-45CB-A2B8-25EEA961CEEF}" = lport=6920 | protocol=17 | dir=in | name=league of legends launcher |
"{CFE591E4-CC99-4015-8120-E76C87C1EFCF}" = lport=8377 | protocol=17 | dir=in | name=league of legends launcher |
"{D2F417E2-F941-432B-ACF9-BB7EC56D4E0C}" = lport=6897 | protocol=6 | dir=in | name=league of legends launcher |
"{D55479A7-22DF-4FCB-AB9F-95DC49360326}" = lport=6897 | protocol=17 | dir=in | name=league of legends launcher |
"{D76289F9-3230-410B-9A42-D0CD2397B5A8}" = lport=58037 | protocol=6 | dir=in | name=pando media booster |
"{D7708885-482C-46B5-96C7-0F432E9F5BD6}" = lport=6964 | protocol=17 | dir=in | name=league of legends launcher |
"{D7CE2607-1A55-4850-BFD2-E3B5A6A4188B}" = lport=8375 | protocol=17 | dir=in | name=league of legends launcher |
"{DA56CA01-010B-483D-B263-82649B61C7F9}" = rport=137 | protocol=17 | dir=out | app=system |
"{DE28639C-322D-442C-859A-453D7FA6D0A1}" = rport=445 | protocol=6 | dir=out | app=system |
"{DFE8E0EA-29EB-44DD-92F4-D75DC68DD017}" = lport=138 | protocol=17 | dir=in | app=system |
"{E277B59D-77CB-4503-99AD-A301BFC70B60}" = lport=6909 | protocol=17 | dir=in | name=league of legends launcher |
"{E3E8756E-6804-4332-B135-557D74243238}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher |
"{E70227D2-EC96-49A0-8EBE-13AE995E572D}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher |
"{E84FEB6C-749E-4E89-ACC9-60F49BDB40CF}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher |
"{F22EE108-4E6F-4FE3-B26D-F2ECD9CF4DDF}" = lport=58037 | protocol=17 | dir=in | name=pando media booster |
"{F2656FF5-F4A9-491B-92C6-368FE54672DC}" = lport=6964 | protocol=6 | dir=in | name=league of legends launcher |
"{F2D760A8-0F69-4999-8423-0C3B9F1640F6}" = lport=8373 | protocol=6 | dir=in | name=league of legends launcher |
"{F49AF1CE-29DD-4591-A53E-23C8012CA0B6}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher |
"{F4CED7AE-AC39-40BD-95CC-FFF4F51B867B}" = lport=6943 | protocol=17 | dir=in | name=league of legends launcher |
"{F508FE58-C859-4D47-93B5-3951B3A95E11}" = lport=6891 | protocol=17 | dir=in | name=league of legends launcher |
"{F9F741DE-3873-4F90-AA37-CD6F3A073E90}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FD117977-33F9-46D7-9A83-D36AFB5AE6BE}" = lport=58037 | protocol=17 | dir=in | name=pando media booster |
"{FECCFEA9-F706-4A30-B0D7-ADA2FCC5D349}" = lport=6899 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061972C7-3B78-4BFF-8EB7-9E37F63BF17C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0BA0FA9F-02E8-41B9-9199-3AD6CA17535E}" = protocol=17 | dir=in | app=c:\op\hry\starcraft ii\starcraft ii.exe |
"{0FF82879-21F8-44E0-8701-D4962A21209E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1B4369D7-9A43-4DE0-B7A6-D14A9FBA405A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1BFFA05B-F892-40A2-96D2-168DD8607030}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1C94E42A-46CE-4C02-A9D9-621B0A994783}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{238E8CA7-F356-4C22-BAC6-B140C75D1CF8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{24E3E271-DF3B-49A1-BEFE-4EFFE1E3D265}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{259F3C00-0BCD-40C4-88E6-91D74BE32185}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{37B843E2-8F32-46BE-8A57-6EEF1F6CA336}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D684A90-3951-4324-BD60-243712F19DC8}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{3E613CEC-7353-4E2A-9E27-8524440CEA19}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3F606459-9086-422D-8337-9D653835B3FF}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{424A65CD-C34B-44E4-A75E-1B91D4C6A2B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{42679924-55C3-4061-8A07-4F8F903270E7}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{427A18D5-E1B4-4D45-BBDF-501EEE1F8D98}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4336F6FC-A00E-4CA2-9C9F-9A398F27C1E8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4A8AA448-FE21-442C-9C71-343710DA8D71}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4E73A8D0-C6DF-40E6-A091-1C976A209611}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{572F579F-83F6-491A-8960-A34163F1898B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{63B73EE5-6259-4017-B1E1-E1897B57AA74}" = protocol=6 | dir=in | app=c:\op\hry\starcraft ii\starcraft ii.exe |
"{667A7C28-E63A-47F6-8B2D-6DA4BE42A9CD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{67AE62BC-8C2E-439E-B746-FB38EE4C8146}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{6AD26BB8-1F5B-44C4-AF32-B9F6FCA4E1FD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{6B9664DB-12EE-4CEE-A885-BC9E329CC89B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{71DA71B1-E54C-436A-ADDF-735BF7F77AC6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7AD8EF39-28BC-42B8-B957-46DFFAE12D9B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{7FDA00C8-A2B7-4E87-9ADC-60E8C3C6CAF0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{80B903B4-F8DF-4DAB-9846-35F4E1FF9DA6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{81C7A45B-4734-421F-BB87-93A3FBD7A9F5}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{831F1FCA-CF72-40F1-A60B-427462F06443}" = protocol=17 | dir=in | app=c:\op\hry\starcraft ii\starcraft ii.exe |
"{91D4EB5C-EFFF-4091-89A2-6096ECEF1A09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9584525C-C825-4387-9144-FD355A41FF0B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{A0BEFD76-3EB0-41DC-95A8-319189572837}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A185AFDD-D3DA-4BA4-84C3-9A83B1963CD3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{AE0DF175-F74E-4005-8781-DB1FFCAEE5F6}" = protocol=6 | dir=in | app=c:\op\hry\starcraft ii\starcraft ii public test.exe |
"{B92D6543-702E-4B5C-B1E7-E2537FE1CD1E}" = protocol=6 | dir=in | app=c:\op\hry\starcraft ii\starcraft ii.exe |
"{BC0C53D9-9BA1-471E-883B-C4BC17F79B9C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C7AB2B8C-9437-4A00-8BBC-2B79B819A710}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{CDB468D9-941E-41E7-8129-10718A00AFD5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{D245155A-EBB1-49BD-998C-2DE92D68AE46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{D434F831-4537-4224-9D28-DAA9F954EA6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{D6E3D13F-01ED-4CBF-88A9-1D4C54EBE267}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{D8881A57-D4D8-4E7F-B082-2B99048CA892}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8959000-8C26-42D1-8112-C8119FA51EB0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DB154E78-121D-4106-A2E5-E633F4B92111}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DC4DDD79-A390-42B2-99DA-3BC5DCE96696}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DFE7B15E-F723-40CE-ACBA-EB549B5AF807}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{E1FA70B4-F114-4104-8EF8-C8FE040AD36F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{E7308ED4-F5A8-4FEF-813B-09F959442BCB}" = protocol=17 | dir=in | app=c:\op\hry\starcraft ii\starcraft ii public test.exe |
"{F00D7651-ACB8-4DB8-8A50-8DCBEF5D2995}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F26DF964-BA01-4DA1-8C58-C4F584D10197}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{FA4B7E4B-BE86-4942-913D-EF3711029C49}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FB655376-1E1F-4D8F-867D-4DAE00BD3455}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{FDBBB812-AEA5-4787-BFAC-A439D37CF76F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"TCP Query User{115D30DE-469E-4E29-B32C-F3CA633A396B}C:\program files\matlab\r2007b\bin\win64\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab\r2007b\bin\win64\matlab.exe |
"TCP Query User{11C73FCF-390F-4768-9D50-4527B9E563A9}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{70B7A8E6-D97C-4E02-A138-71F40E826012}C:\op\hry\warcraft iii\gproxy.exe" = protocol=6 | dir=in | app=c:\op\hry\warcraft iii\gproxy.exe |
"TCP Query User{8A2D1062-24FC-40A5-9916-4555242AFEBA}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{B3923956-544C-49EF-A127-D9537D60B84D}C:\op\hry\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\op\hry\warcraft iii\war3.exe |
"TCP Query User{BDF4A0E3-DC18-4719-91A0-C8D1AE9ED706}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{F1C0C653-FC97-4CA9-8AA2-AF0D83CF7E3B}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{FDE6C3AD-E7D9-44ED-9479-B1544ACE66C7}C:\op\hry\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\op\hry\warcraft iii\war3.exe |
"UDP Query User{1DD6BAE4-E99A-4FF7-9A3D-466B161902F9}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{2808102D-321E-4BB1-B963-A75DBC4DA5F9}C:\op\hry\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\op\hry\warcraft iii\war3.exe |
"UDP Query User{5E160192-A263-43ED-AC93-0BB725863905}C:\op\hry\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\op\hry\warcraft iii\war3.exe |
"UDP Query User{776CCDDA-5852-4BB6-8A44-7241A77FCFD2}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{8A90D438-F3D0-4465-AFF9-9B99B78CB73D}C:\op\hry\warcraft iii\gproxy.exe" = protocol=17 | dir=in | app=c:\op\hry\warcraft iii\gproxy.exe |
"UDP Query User{8E781971-170D-4AAF-A54F-3D5131BBC7E0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{ABDDF267-8420-4439-8651-3D9554CDF095}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{D5099C43-5787-4E6E-8E61-6D64DFFBB4DD}C:\program files\matlab\r2007b\bin\win64\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab\r2007b\bin\win64\matlab.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600R" = Canon MP600R
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414" = CanoScan LiDE 110 Scanner Driver
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}" = Software Intel(R) PROSet/Wireless WiFi
"{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"MatlabR2007b" = MATLAB R2007b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}" = Lineage II
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00
"{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1" = FTL version 1.03.1
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{361693F2-A153-4359-A4CB-A1B9FF2AA5E6}" = A4tech USB Mouse Quality Testing Program V6.0
"{3C2379D2-337A-4FFA-9017-BDFB80EC0931}" = OSCAR Editor
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4B296228-DF7C-43EA-8DED-76027355B219}" = Opera 10.01
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7D1FA102-9B90-48B0-8DF8-735BBA5F4093}" = Driver Updater Pro
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_VISPRO_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_VISPRO_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0405-1000-0000000FF1CE}_VISPRO_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0405-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Czech) 2007
"{90120000-0054-0405-0000-0000000FF1CE}_VISPRO_{908BF8BD-8806-45B7-A648-2D4A4C7448F5}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_VISPRO_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{932FB3F3-594D-4600-ABFA-F2DE80A14214}" = Marvel(TM) - Ultimate Alliance
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.3
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C441297F-C9F2-4177-9D5F-1B10F0358E32}" = Opera 10.54
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1" = King's Bounty. The Legend (Remove Only)
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Altap Salamander 2.52" = Altap Salamander 2.52
"Avidemux 2.5" = Avidemux 2.5
"Battle.net" = Battle.net
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Driver Updater Pro" = Driver Updater Pro
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eurobattle.net1.26" = Eurobattle.net
"Fallout Collection" = Fallout Collection
"Fallout2" = Fallout2
"Google Chrome" = Google Chrome
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{3C2379D2-337A-4FFA-9017-BDFB80EC0931}" = X7 Oscar Editor
"InstallShield_{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.8 (Full) BETA
"LastFM_is1" = Last.fm 1.5.4.24567
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"Opera 12.14.1738" = Opera 12.14
"Postal 2 STP - Free Multiplayer Edition" = Postal 2 STP - Free Multiplayer Edition
"PSPad editor_is1" = PSPad editor
"Rollcage" = Rollcage
"ST6UNST #1" = Hero Editor V0.96
"ST6UNST #2" = Dungeon Crafter v1.4.1
"StarCraft II" = StarCraft II
"Steam App 200710" = Torchlight II
"Steam App 42910" = Magicka
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Totalcmd" = Total Commander (Remove or Repair)
"UltraISO_is1" = UltraISO Premium V9.36
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"Wireshark" = Wireshark 1.2.7
"Xfire" = Xfire (remove only)
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3149879176-4258568144-3479067292-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16.2.2013 15:39:13 | Computer Name = OP | Source = Application Hang | ID = 1002
Description = The program Skype.exe version 5.10.0.116 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ae4 Start
Time: 01ce0c7cebaea10b Termination Time: 6 Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report
Id: 8031f747-7870-11e2-ba66-00218548d59d

Error - 16.2.2013 16:46:41 | Computer Name = OP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 16.2.2013 16:46:41 | Computer Name = OP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service SMSvcHost 4.0.0.0
(SMSvcHost 4.0.0.0) failed. The first DWORD in the Data section contains the error
code.

Error - 16.2.2013 16:46:41 | Computer Name = OP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 16.2.2013 16:46:41 | Computer Name = OP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service SMSvcHost 4.0.0.0
(SMSvcHost 4.0.0.0) failed. The first DWORD in the Data section contains the error
code.

Error - 16.2.2013 16:46:42 | Computer Name = OP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 16.2.2013 16:46:42 | Computer Name = OP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service MSDTC Bridge
4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains
the error code.

Error - 16.2.2013 16:46:42 | Computer Name = OP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 16.2.2013 16:46:42 | Computer Name = OP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service MSDTC Bridge
4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains
the error code.

Error - 17.2.2013 14:00:08 | Computer Name = OP | Source = Windows Backup | ID = 4103
Description =

[ Media Center Events ]
Error - 18.11.2009 13:25:16 | Computer Name = Lukas-NB | Source = MCUpdate | ID = 0
Description = 18:25:11 - Error connecting to the internet. 18:25:11 - Unable
to contact server..

Error - 19.11.2009 13:13:01 | Computer Name = Lukas-NB | Source = MCUpdate | ID = 0
Description = 18:13:00 - Error connecting to the internet. 18:13:00 - Unable
to contact server..

Error - 19.11.2009 13:13:14 | Computer Name = Lukas-NB | Source = MCUpdate | ID = 0
Description = 18:13:06 - Error connecting to the internet. 18:13:06 - Unable
to contact server..

Error - 21.11.2009 11:21:07 | Computer Name = Lukas-NB | Source = MCUpdate | ID = 0
Description = 16:21:07 - Error connecting to the internet. 16:21:07 - Unable
to contact server..

Error - 21.11.2009 11:21:20 | Computer Name = Lukas-NB | Source = MCUpdate | ID = 0
Description = 16:21:12 - Error connecting to the internet. 16:21:12 - Unable
to contact server..

Error - 22.11.2009 13:14:35 | Computer Name = Lukas-NB | Source = MCUpdate | ID = 0
Description = 18:14:35 - Error connecting to the internet. 18:14:35 - Unable
to contact server..

Error - 22.11.2009 13:14:58 | Computer Name = Lukas-NB | Source = MCUpdate | ID = 0
Description = 18:14:41 - Error connecting to the internet. 18:14:41 - Unable
to contact server..

Error - 23.11.2009 13:00:50 | Computer Name = Lukas-NB | Source = MCUpdate | ID = 0
Description = 18:00:50 - Error connecting to the internet. 18:00:50 - Unable
to contact server..

Error - 23.11.2009 13:01:01 | Computer Name = Lukas-NB | Source = MCUpdate | ID = 0
Description = 18:00:56 - Error connecting to the internet. 18:00:56 - Unable
to contact server..

Error - 24.11.2009 13:03:05 | Computer Name = Lukas-NB | Source = MCUpdate | ID = 0
Description = 18:02:58 - Error connecting to the internet. 18:02:58 - Unable
to contact server..

[ OSession Events ]
Error - 15.4.2012 11:55:54 | Computer Name = OP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 3485 seconds with 1440 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 10.2.2013 8:19:27 | Computer Name = OP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SBRE

Error - 12.2.2013 15:08:57 | Computer Name = OP | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 13.2.2013 12:08:12 | Computer Name = OP | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 16.2.2013 15:37:03 | Computer Name = OP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SBRE

Error - 16.2.2013 17:05:14 | Computer Name = OP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SBRE

Error - 17.2.2013 8:29:02 | Computer Name = OP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the nvsvc service.

Error - 17.2.2013 8:29:32 | Computer Name = OP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the PlugPlay service.

Error - 17.2.2013 12:07:15 | Computer Name = OP | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 18.2.2013 18:28:15 | Computer Name = OP | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 19.2.2013 15:21:58 | Computer Name = OP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SBRE

< End of report >

Hron · #8 Příspěvek od **Hron** » 20 úno 2013 14:29

OTL část 1
OTL logfile created on: 20.2.2013 9:12:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,39% Memory free
6,00 Gb Paging File | 4,51 Gb Available in Paging File | 75,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 138,06 Gb Free Space | 46,33% Space Free | Partition Type: NTFS
Drive Z: | 984,31 Gb Total Space | 58,29 Gb Free Space | 5,92% Space Free | Partition Type: NTFS

Computer Name: OP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.02.20 09:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013.02.15 09:13:51 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2010.05.06 21:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.05.06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.12.11 12:35:17 | 000,214,816 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2009.12.10 22:36:02 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.09.25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

========== Modules (No Company Name) ==========

MOD - [2013.02.19 20:24:50 | 014,717,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012.11.06 18:28:04 | 000,551,896 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:64bit: - [2010.05.06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010.05.06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010.05.06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010.01.19 16:26:58 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010.01.19 16:05:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2013.02.19 20:24:50 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.04.16 15:27:06 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.12.11 12:35:17 | 000,214,816 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009.12.10 22:36:02 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.10.20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.09.25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.11.06 18:28:05 | 002,715,824 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.04.05 16:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011.04.05 16:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011.04.05 16:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011.02.08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.05.06 21:39:27 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010.05.06 21:39:06 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010.05.06 21:34:30 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010.05.06 21:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.05.06 21:33:50 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010.04.11 15:54:15 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.03.04 20:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.13 17:30:28 | 007,520,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.10.20 19:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.10.12 08:33:15 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.10.12 08:33:06 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.10.06 11:56:34 | 000,172,544 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2009.10.06 11:56:32 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2009.10.06 11:54:18 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009.10.06 11:53:56 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2009.10.06 11:53:56 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009.10.06 11:53:54 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009.09.23 09:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.07.22 23:22:43 | 000,358,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.07.22 23:22:41 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.07.22 23:20:23 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.07.22 23:20:23 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.01.24 23:08:34 | 000,057,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2008.01.24 23:08:24 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2008.01.24 23:08:04 | 000,032,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2008.01.24 23:07:54 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2007.08.21 13:42:52 | 000,742,312 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonCam.sys -- (Cam5603D)
DRV:64bit: - [2007.08.13 07:24:26 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3149879176-4258568144-3479067292-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3149879176-4258568144-3479067292-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 45 BB B2 A2 E1 CA 01 [binary data]
IE - HKU\S-1-5-21-3149879176-4258568144-3479067292-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3149879176-4258568144-3479067292-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3149879176-4258568144-3479067292-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.5.6.0
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.01.31 15:45:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.03.25 16:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.12 19:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2010.03.25 16:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013.02.19 20:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kg4br4ym.default\extensions
[2009.10.09 14:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KG4BR4YM.DEFAULT\EXTENSIONS\{ECDEE021-0D17-467F-A1FF-C7A115230949}
File not found (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KG4BR4YM.DEFAULT\EXTENSIONS\DTTOOLBAR@TOOLBARNET.COM
[2010.01.16 01:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.16 01:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
[2010.01.16 01:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.16 01:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 01:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.08.01 22:21:22 | 000,000,095 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 81.0.254.162 L2authd.Lineage2.com
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3149879176-4258568144-3479067292-500..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3149879176-4258568144-3479067292-500..\Run: [OscarEditor] C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3149879176-4258568144-3479067292-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.12/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} file:///C:/Lukas/Apps/The%20Tournament%20Director/comdlg32.cab (Microsoft Common Dialog Control, version 6.0 (SP6))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60E495CE-C67C-43F6-BA24-014D27BD9124}: NameServer = 172.22.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A19A897D-DC74-4231-A6AB-0AB26A6BAB8B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F32EC592-7F70-4769-850E-FA41B1F24C73}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{20361fa9-74b4-11e0-a9cb-ad3a6c29f84d}\Shell - "" = AutoRun
O33 - MountPoints2\{20361fa9-74b4-11e0-a9cb-ad3a6c29f84d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{44a87f33-457a-11df-9215-a882cf6f5f4a}\Shell - "" = AutoRun
O33 - MountPoints2\{44a87f33-457a-11df-9215-a882cf6f5f4a}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{44a87f34-457a-11df-9215-a882cf6f5f4a}\Shell - "" = AutoRun
O33 - MountPoints2\{44a87f34-457a-11df-9215-a882cf6f5f4a}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.02.20 09:10:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.02.19 19:35:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RSIT
[2013.02.19 17:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.02.19 17:49:08 | 000,000,000 | ---D | C] -- C:\rsit
[2013.02.16 20:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.16 20:40:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.16 20:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.13 12:23:43 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 12:23:41 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 12:23:40 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 12:23:12 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 12:23:07 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 12:23:07 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 12:23:06 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 12:23:06 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 12:23:05 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 12:23:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 12:22:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 12:22:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 12:22:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 12:22:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 12:22:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 12:22:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 12:22:44 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.02.20 09:18:00 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.20 09:14:34 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.02.20 09:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.02.20 08:54:32 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.20 08:54:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.20 08:54:29 | 000,021,351 | ---- | M] () -- C:\Windows\KernelMessage
[2013.02.19 21:18:01 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.19 20:29:10 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.19 20:29:10 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.19 20:24:50 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.19 20:24:50 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.19 20:20:46 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.19 15:30:12 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Local\PUTTY.RND
[2013.02.16 22:04:05 | 002,368,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.20 09:14:34 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.02.16 22:03:45 | 002,368,560 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.07 16:52:26 | 000,003,802 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.01.31 20:55:09 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2012.12.24 19:20:12 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2012.05.01 01:42:31 | 000,066,936 | -HS- | C] () -- C:\Windows\dlinfo_0.drv
[2012.03.12 17:54:42 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Local\PUTTY.RND
[2012.01.08 00:48:23 | 000,051,270 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\room_v3.dat
[2012.01.07 19:44:43 | 000,049,871 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.10.22 11:29:05 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.10.22 11:29:05 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.08.02 17:50:17 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2011.06.22 23:28:30 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\{D0D71577-9F02-4E27-9186-2366F3CF9D02}
[2011.05.26 10:42:06 | 000,016,384 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\svchost.exe
[2011.05.08 23:28:55 | 000,046,742 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\room.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.01.04 18:32:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\avidemux
[2010.04.01 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Braid
[2010.05.31 17:19:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe Limited
[2012.12.24 19:34:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canon
[2011.07.17 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2011.07.17 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
[2010.04.15 12:52:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2012.11.14 21:24:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GarenaPlus
[2010.05.14 16:59:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2012.05.04 23:39:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient
[2010.04.11 19:30:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2012.05.24 22:28:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient2
[2010.11.21 20:51:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Magic Set Editor
[2010.04.01 17:27:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Merscom
[2010.03.25 16:43:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2010.05.13 16:21:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2012.05.23 10:49:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2011.07.17 15:45:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2010.04.11 10:09:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wireshark
[2010.04.25 17:41:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Zoner

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,648 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.11.03 10:09:25 | 000,000,946 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.11.03 10:09:28 | 000,000,950 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.04.03 05:43:00 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.04.11 08:04:08 | 000,000,408 | ---- | C] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.11.20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011.05.26 10:42:57 | 000,016,384 | ---- | M] () MD5=93F256428E5116B5B04FD48E5C2D8288 -- C:\Users\Administrator\AppData\Roaming\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2012.10.03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2011.09.29 18:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010.11.20 14:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011.06.21 07:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010.06.14 07:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2013.01.04 06:41:01 | 001,893,224 | ---- | M] (Microsoft Corporation) MD5=5CFB7AB8F9524D1A1E14369DE63B83CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_0f6a6af57fd59de6\tcpip.sys
[2012.03.30 11:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011.04.25 06:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012.03.30 12:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2013.01.03 06:57:12 | 001,876,824 | ---- | M] (Microsoft Corporation) MD5=692969AB90BDA19F56E27BF89A9260E2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_0fe8397098fc3d71\tcpip.sys
[2012.08.22 19:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012.03.30 11:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2010.06.14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011.04.25 06:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011.06.21 07:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011.09.29 17:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2012.03.30 12:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013.01.03 07:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013.01.03 07:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2011.04.25 07:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2013.01.04 06:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2011.06.21 07:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2012.10.03 18:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2011.06.21 07:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011.09.29 17:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2012.08.22 19:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2011.09.29 17:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

Hron · #9 Příspěvek od **Hron** » 20 úno 2013 14:30

OTL část 2
< >

< %systemroot%*.* /U /s >
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[13 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[19 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[34 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\1c8d82f6d46425decfccb3e7d8d0c30a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\1c8d82f6d46425decfccb3e7d8d0c30a\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.05.09 16:40:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2011.01.04 18:32:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\avidemux
[2010.04.01 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Braid
[2010.05.31 17:19:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe Limited
[2012.12.24 19:34:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canon
[2010.04.14 11:55:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\codeblocks
[2011.07.17 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2011.07.17 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
[2013.02.18 17:28:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2010.04.15 12:52:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2012.11.14 21:24:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GarenaPlus
[2010.05.14 16:59:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2010.04.15 12:49:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2011.02.11 23:16:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2010.04.10 19:24:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Intel
[2012.05.04 23:39:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient
[2010.04.11 19:30:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2012.05.24 22:28:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient2
[2010.01.13 10:29:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2010.11.21 20:51:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Magic Set Editor
[2010.10.08 15:41:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MathWorks
[2009.07.14 08:45:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2010.08.25 22:17:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic
[2010.04.01 17:27:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Merscom
[2012.12.24 19:11:12 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2011.08.02 18:53:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2010.03.25 16:43:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2010.05.13 16:21:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2010.04.01 17:11:19 | 000,000,000 | RH-D | M] -- C:\Users\Administrator\AppData\Roaming\SecuROM
[2013.02.19 21:14:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skype
[2011.07.19 08:27:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\skypePM
[2012.05.23 10:49:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2011.07.17 15:45:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011.07.17 15:45:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ventrilo
[2013.02.20 00:18:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\vlc
[2010.04.10 19:10:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2010.04.11 10:09:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wireshark
[2010.07.28 01:22:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xfire
[2010.04.25 17:41:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2011.05.26 10:42:57 | 000,016,384 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\svchost.exe
[2010.02.18 00:38:06 | 000,038,784 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.12.24 19:11:12 | 000,010,134 | R--- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{361693F2-A153-4359-A4CB-A1B9FF2AA5E6}\ARPPRODUCTICON.exe
[2012.12.24 19:11:12 | 000,008,854 | R--- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{361693F2-A153-4359-A4CB-A1B9FF2AA5E6}\UNINST_Uninstall_A_361693F2A1534359A4CBA1B9FF2AA5E6.exe
[2012.12.24 19:11:12 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{361693F2-A153-4359-A4CB-A1B9FF2AA5E6}\Witness.exe1_361693F2A1534359A4CBA1B9FF2AA5E6.exe
[2012.12.24 19:11:12 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{361693F2-A153-4359-A4CB-A1B9FF2AA5E6}\Witness.exe_361693F2A1534359A4CBA1B9FF2AA5E6.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012.04.11 17:21:17 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2013.02.20 09:36:48 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.02.19 21:18:01 | 000,000,946 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.02.20 09:18:00 | 000,000,950 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.02.19 20:24:50 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2013.02.19 20:24:50 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"AlcoholAutomount" = "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount -- [2009.04.24 04:21:40 | 000,203,928 | ---- | M] (Alcohol Soft Development Team)
"OscarEditor" = "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum -- [2012.03.20 11:59:04 | 003,340,288 | ---- | M] ()
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun -- [2013.01.08 12:59:26 | 018,705,664 | R--- | M] (Skype Technologies S.A.)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2010.01.16 04:11:42 | 000,910,296 | ---- | M] (Mozilla Corporation) MD5=9A1D58A8D5DA06EE6592673CF695DB95 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2010.11.20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2013.02.15 09:13:51 | 000,879,456 | ---- | M] (Opera Software) MD5=2ABD166EC31BE154D8CBEEC5D7F5714C -- C:\Program Files (x86)\Opera\opera.exe

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) MD5=0654E4C1F597FC07D6FC7443D4F94840 -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.02.20 09:14:34 | 000,000,512 | ---- | M] () MD5=F48BF7B267B50E21F82ABEDEDDBD09D4 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2007.11.17 19:37:10 | 000,210,701 | ---- | M] () -- \OP\install\Brower Sentinel\browser sentinel crack 1.3.4.zip
[2010.02.07 00:20:52 | 000,097,128 | ---- | M] () -- \OP\install\uiso7\uiso7-crack.zip
[2011.04.15 18:23:32 | 000,076,652 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\magicka\Content\Levels\Textures\Surface\Nature\Ground\dirt01_cracked_0.xnb
[2011.04.15 18:18:19 | 000,034,846 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\magicka\Content\Levels\Textures\Surface\Nature\Ground\dirt01_cracked_NRM_0.xnb
[2012.10.11 16:42:32 | 000,063,448 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\magicka\Content\Levels\Textures\Surface\Structure\Stone\floor_cracks_0.xnb
[2012.10.11 16:42:35 | 000,037,594 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\magicka\Content\Levels\Textures\Surface\Structure\Stone\floor_cracks_nrm_0.xnb
[2012.02.01 16:04:29 | 000,004,354 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\magicka\Content\Levels\Textures\Surface\Structure\Stone\pillar_cracked00_0.xnb
[2012.02.01 16:01:37 | 000,004,058 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\magicka\Content\Levels\Textures\Surface\Structure\Stone\pillar_cracked00_NRM02_0.xnb
[2012.02.01 16:02:19 | 000,008,140 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\magicka\Content\Levels\Textures\Surface\Structure\Stone\wall_cracked00_0.xnb
[2011.04.15 18:15:42 | 000,018,032 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\magicka\Content\Levels\Textures\Surface\Structure\Stone\wall_cracked01_0.xnb
[2011.04.15 18:14:11 | 000,008,364 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\magicka\Content\Levels\Textures\Surface\Structure\Stone\wall_cracked_NRM_0.xnb
[2001.02.09 12:03:12 | 000,000,483 | ---- | M] () -- \Program Files\MATLAB\R2007b\toolbox\pde\crackb.m
[2003.10.21 07:26:04 | 000,002,931 | ---- | M] () -- \Program Files\MATLAB\R2007b\toolbox\pde\crackg.m
[2005.03.07 12:35:58 | 000,000,091 | ---- | M] () -- \Program Files\MATLAB\R2007b\toolbox\pde\ja\crackb.m
[2005.03.07 12:36:00 | 000,000,582 | ---- | M] () -- \Program Files\MATLAB\R2007b\toolbox\pde\ja\crackg.m
[2011.07.05 20:14:43 | 000,000,868 | ---- | M] () -- \Users\Administrator\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.appcracks.com%2Ffavicon.png
[2013.01.31 11:50:53 | 000,000,088 | ---- | M] () -- \Users\Administrator\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.clean-cracks.com%2Ffavicon.png
[2013.01.31 11:48:05 | 000,000,993 | ---- | M] () -- \Users\Administrator\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.crackfound.com%2Ffavicon.png
[2010.05.17 17:57:20 | 000,003,459 | ---- | M] () -- \Users\Administrator\AppData\Roaming\uTorrent\Alcohol_120__1.9.8.7612(Windows 7)_+_crack.rar.torrent
[2011.05.26 10:46:03 | 000,003,855 | ---- | M] () -- \Users\Administrator\AppData\Roaming\uTorrent\Dragon Age 2 Crack only - Reloaded.torrent
[2010.05.18 10:53:08 | 000,008,376 | ---- | M] () -- \Users\Administrator\AppData\Roaming\uTorrent\Dragon Age Origins v1.01 Patch + Crack.torrent
[2010.09.22 18:12:15 | 000,016,745 | ---- | M] () -- \Users\Administrator\AppData\Roaming\uTorrent\StarCraft 2 Crack and Keygen Only [RaZoR 1911].zip.torrent
[2010.09.21 21:35:10 | 000,016,793 | ---- | M] () -- \Users\Administrator\AppData\Roaming\uTorrent\StarCraft II Wings of Liberty Proper Razor1911 Crack only.torrent

< *keygen* /s >
[2010.09.22 18:12:15 | 000,016,745 | ---- | M] () -- \Users\Administrator\AppData\Roaming\uTorrent\StarCraft 2 Crack and Keygen Only [RaZoR 1911].zip.torrent

< *loader* /s >
[2010.11.02 12:36:12 | 000,000,404 | ---- | M] () -- \OP\Hry\League of Legends\rads\projects\lol_air_client\releases\0.0.0.241\deploy\assets\storeImages\layout\small_loader.gif
[2012.07.26 08:51:02 | 000,196,335 | ---- | M] () -- \OP\Hry\StarCraft II\Logs\Downloader.log
[2011.07.29 10:44:39 | 000,000,000 | ---- | M] () -- \OP\Hry\StarCraft II\Support\BlizzardDownloader.exe.2e48acd0.temp
[2012.07.26 08:48:08 | 000,000,000 | ---- | M] () -- \OP\Hry\StarCraft II\Support\BlizzardDownloader.exe.340e97df.temp
[2011.04.01 19:42:17 | 000,000,000 | ---- | M] () -- \OP\Hry\StarCraft II\Support\BlizzardDownloader.exe.temp
[2011.09.25 23:18:06 | 000,098,816 | ---- | M] () -- \OP\Hry\Warcraft III\euroloader.exe
[2011.05.06 18:47:43 | 000,000,046 | ---- | M] () -- \OP\Hry\Warcraft III\euroloader.txt
[2012.08.13 10:09:00 | 000,045,056 | ---- | M] () -- \OP\Hry\Warcraft III\Garena Plus\FileLoader.dll
[2012.08.30 14:43:14 | 002,984,960 | ---- | M] () -- \OP\Hry\Warcraft III\Garena Plus\ggdownloader.dll
[2012.11.07 11:53:58 | 000,081,272 | ---- | M] () -- \OP\Hry\Warcraft III\Garena Plus\bbtalk\BTalkLoader.exe
[2005.03.24 12:51:08 | 000,002,090 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge\Resources\en\_media\rssloader.swf
[2005.03.16 18:16:50 | 000,113,664 | ---- | M] () -- \Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2012.08.19 20:26:34 | 000,000,194 | ---- | M] () -- \Program Files (x86)\Common Files\Blizzard Entertainment\BlizzardDownloader.ini
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2008.07.30 10:06:58 | 000,072,192 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader80.dll
[2008.07.29 03:43:16 | 000,004,096 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader80.tlb
[2009.09.29 13:06:50 | 000,331,776 | ---- | M] () -- \Program Files (x86)\Common Files\Nokia\Service Layer\A\nsl_loader.dll
[2009.09.24 15:26:48 | 000,131,072 | ---- | M] () -- \Program Files (x86)\Common Files\Nokia\Tss\ProductApiLoader\ta_productapiloader.dll
[2008.09.23 11:27:30 | 000,049,152 | ---- | M] () -- \Program Files (x86)\Futuremark\3DMark06\PhysXLoader.dll
[2008.07.10 16:33:02 | 000,019,992 | ---- | M] () -- \Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\SqlResourceLoader.dll
[2008.07.10 16:33:04 | 000,019,992 | ---- | M] () -- \Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SqlResourceLoader.dll
[2009.01.21 14:30:04 | 000,003,072 | ---- | M] () -- \Program Files (x86)\Nokia\Nokia PC Suite 7\Lang\MapLoader_cze.NLR
[2005.06.07 11:25:46 | 000,044,032 | ---- | M] () -- \Program Files (x86)\WinRAR\RarExtLoader.exe
[2010.02.07 21:40:00 | 000,000,543 | ---- | M] () -- \Program Files (x86)\Wireshark\etc\gtk-2.0\gdk-pixbuf.loaders
[2007.08.05 20:29:40 | 000,014,087 | ---- | M] () -- \Program Files\MATLAB\R2007b\help\toolbox\javabuilder\MWArrayAPI\com\mathworks\toolbox\javabuilder\MWCtfClassLoaderSource.html
[1999.10.02 09:20:54 | 000,010,275 | ---- | M] () -- \Program Files\MATLAB\R2007b\sys\perl\win32\lib\AutoLoader.pm
[1999.10.02 09:21:38 | 000,024,422 | ---- | M] () -- \Program Files\MATLAB\R2007b\sys\perl\win32\lib\DynaLoader.pm
[1999.10.02 09:22:34 | 000,012,000 | ---- | M] () -- \Program Files\MATLAB\R2007b\sys\perl\win32\lib\SelfLoader.pm
[2004.07.12 13:09:10 | 000,000,215 | ---- | M] () -- \Program Files\MATLAB\R2007b\toolbox\local\classloader.txt
[2009.08.16 17:05:14 | 000,053,760 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2012.11.14 21:23:08 | 000,016,655 | ---- | M] () -- \ProgramData\GarenaMessenger\update\12079\FileLoader.dll
[2012.01.07 20:11:20 | 000,001,739 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Eurobattle.net\Euroloader.lnk
[2012.12.04 17:00:50 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.12.04 17:00:50 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.12.04 17:00:50 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2010.06.29 11:46:58 | 000,057,728 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2010.06.29 11:46:58 | 000,057,728 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2010.06.29 11:46:58 | 000,057,728 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2013.02.19 20:24:34 | 000,003,784 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWMA2YNL\bundleloader[1].js
[2013.02.19 20:24:37 | 000,000,723 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWMA2YNL\downloaderror[1].js
[2013.02.17 05:01:15 | 000,005,505 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IVMJZ5PM\queryLoader[1].js
[2013.02.19 20:24:37 | 000,001,174 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV5DP77Y\downloader[1].js
[2013.02.17 05:01:14 | 000,000,353 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV5DP77Y\queryLoader[1].css
[2013.01.31 11:40:44 | 000,000,214 | ---- | M] () -- \Users\Administrator\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fstep.yourfiledownloader.com%2Fstatic%2Fa%2Fimages%2Ffavicon.png
[2012.05.02 18:41:00 | 000,385,792 | ---- | M] () -- \Users\Administrator\AppData\Local\Runic Games\downloader.bundle
[2012.03.16 17:32:00 | 000,687,520 | ---- | M] () -- \Users\Administrator\AppData\Local\Runic Games\downloader.dll
[2012.01.07 19:55:58 | 000,001,757 | ---- | M] () -- \Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eurobattle.net\Euroloader.lnk
[2012.11.14 21:23:08 | 000,016,655 | ---- | M] () -- \Users\All Users\GarenaMessenger\update\12079\FileLoader.dll
[2012.01.07 20:11:20 | 000,001,739 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Eurobattle.net\Euroloader.lnk
[2012.12.04 17:00:50 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.12.04 17:00:50 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.12.04 17:00:50 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2009.11.24 21:16:09 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2009.09.15 13:06:36 | 001,001,032 | ---- | M] () -- \Windows\Downloaded Program Files\UploaderX.dll
[2013.02.19 20:25:58 | 000,022,480 | ---- | M] () -- \Windows\Prefetch\RAREXTLOADER.EXE-8405D981.pf
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.08.14 12:36:18 | 000,070,936 | ---- | M] () -- \Windows\System32\PhysXLoader.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.08.14 12:36:18 | 000,070,936 | ---- | M] () -- \Windows\SysWOW64\PhysXLoader.dll
[2009.07.14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:18:33 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_66f39ad995474166\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.02 07:23:09 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_66e5ca0f95521152\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:04:54 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_66c2596d956d1920\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.18 16:22:27 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_66ff46fd953e6c5c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:28:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_66dcd6a595588d81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:41:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_66b5981d957562a1\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:26:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_66fe4899953f502c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:39:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_673e58b0ae93bb84\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:06:43 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_67770e0aae6a7c68\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:46:36 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_6787e564ae5ceff6\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:26:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_67667556ae762a72\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:36:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_67316604ae9dcf7e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 15:12:39 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_677d175eae65090e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:04:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_68daf829926cc6a9\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:44:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:38:32 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_68c05c919281774d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:38:48 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:00:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_695ac552ab919bbb\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:40:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_694ff566ab99b7ac\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:09:47 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_6907efc6abd0db81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 06:37:37 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009.07.14 06:37:37 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2009.07.14 06:37:37 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2009.07.14 06:37:37 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2009.07.14 06:37:37 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2011.07.31 10:21:04 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.07.31 10:21:04 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2011.07.31 10:21:05 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2011.07.31 10:21:05 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2011.07.31 10:21:05 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 03:44:20 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009.07.14 03:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011.02.05 14:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 14:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010.11.20 05:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 18:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 14:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 07:22:35 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_0ad4ff55dce9d030\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.02 06:45:50 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:19:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.18 12:09:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_0ae0ab79dce0fb26\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 05:43:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 06:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 18:42:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_0b6949e0f5ff7ec0\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 05:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 07:13:36 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 06:47:28 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 18:32:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:15:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 18:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 05:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.12.19 23:00:00 | 000,068,608 | ---- | M] () -- \xampp\MercuryMail\loader.exe
[2009.12.19 23:00:00 | 000,014,987 | ---- | M] () -- \xampp\perl\lib\AutoLoader.pm
[2009.12.19 23:00:00 | 000,025,806 | ---- | M] () -- \xampp\perl\lib\DynaLoader.pm
[2009.12.19 23:00:00 | 000,017,341 | ---- | M] () -- \xampp\perl\lib\SelfLoader.pm
[2009.12.19 23:00:00 | 000,010,882 | ---- | M] () -- \xampp\perl\lib\XSLoader.pm
[2009.12.19 23:00:00 | 000,001,329 | ---- | M] () -- \xampp\perl\lib\Locale\Maketext\GutsLoader.pm
[2009.12.19 23:00:00 | 000,001,027 | ---- | M] () -- \xampp\perl\site\lib\Apache2\XSLoader.pm
[2009.12.19 23:00:00 | 000,001,031 | ---- | M] () -- \xampp\perl\site\lib\APR\XSLoader.pm
[2009.12.19 23:00:00 | 000,010,700 | ---- | M] () -- \xampp\perl\site\lib\ModPerl\RegistryLoader.pm
[2009.12.19 23:00:00 | 000,006,565 | ---- | M] () -- \xampp\php\PEAR\PEAR\Autoloader.php
[2009.12.19 23:00:00 | 000,066,314 | ---- | M] () -- \xampp\php\PEAR\PEAR\Downloader.php
[2009.12.19 23:00:00 | 000,009,232 | ---- | M] () -- \xampp\php\PEAR\Zend\Loader.php
[2009.12.19 23:00:00 | 000,007,587 | ---- | M] () -- \xampp\php\PEAR\Zend\Amf\Parse\TypeLoader.php
[2009.12.19 23:00:00 | 000,002,786 | ---- | M] () -- \xampp\php\PEAR\Zend\Application\Module\Autoloader.php
[2009.12.19 23:00:00 | 000,016,699 | ---- | M] () -- \xampp\php\PEAR\Zend\Loader\Autoloader.php
[2009.12.19 23:00:00 | 000,014,838 | ---- | M] () -- \xampp\php\PEAR\Zend\Loader\PluginLoader.php
[2009.12.19 23:00:00 | 000,010,500 | ---- | M] () -- \xampp\php\PEAR\Zend\Search\Lucene\Index\DictionaryLoader.php
[2009.12.19 23:00:00 | 000,004,643 | ---- | M] () -- \xampp\php\PEAR\Zend\Tool\Framework\Loader\IncludePathLoader.php

========== Alternate Data Streams ==========

@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Administrator\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Administrator\Desktop\desktop.ini:gs5sys

< End of report >

#10 Příspěvek od **vyosek** » 20 úno 2013 15:34

Dovolim si otazku, ma cenu lecit PC, ktere si uzivatel s prominutim zaliska hend vlastni blbosti zpatky diky crackum\keygenum a podobnym "dobrotami"

Hron · #11 Příspěvek od **Hron** » 20 úno 2013 16:03

Nevím o bylo na PC předtím, než jsem ho začal používat já.
Když jsem ho začal používat já, tak ano, ze začátku jsem používal cracnuté hry, ale pak jsem si část z nich koupil originální a zbytek se pokusil odinstalovat. Všechny nové hry zásadně kupuji.

Aktuálně vím o hrách:
Diablo II LoD, Diablo III, Falout I-III, Magicka, SC II, Skyrim, TLII - které mám koupené
Warcraft III TFT, které nevím jestli mám koupené, ale nehraji ho, tak ho klidně smaži - mám ho originální?
League of Legends je free.
Heroes III a TTD byli na PC přetaženy, když jsem notebook půjčoval a já si řekl, že je mazat nebudu a i jsem si zahrál - v podstatě mohu smazat a zakázat je tam instalovat.

Pak je tu hra Red Alert 3, kterou jsem si původně stáhnul a craknul, ale po spuštění jsem si řekl, že ne, že neporuším kupování a koupil jsme si ji také. Instalace koupené se ale nezdařila. To mám v plánu řešit později.

Ostatní hry tu byli přede mnou.

Takže nyní si myslím, že už ano. Ještě před dvěma roky bych řekl "ano" jen proto, aby jste mi pomohl notebook rozchodit, ale během těch dvou let jsem začal čím dál častěji nové hry kupovat a mám v plánu v tom pokračovat i nadále...

#12 Příspěvek od **vyosek** » 20 úno 2013 22:54

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

Provedte aktualizaci
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

Hron · #13 Příspěvek od **Hron** » 21 úno 2013 06:49

Děkuji, že se mnou pokračujete.

MBAM-log-2013-02-21 (06-44-56)
Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 506579
Uplynulý čas: 2 hodin, 2 minut, 59 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 3
HKCU\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Nebyla provedena žádná instrukce.
C:\Users\ADMINISTRATOR\AppData\Roaming\svchost.exe (Trojan.Agent) -> Nebyla provedena žádná instrukce.

(konec)

#14 Příspěvek od **vyosek** » 21 úno 2013 12:01

Nalezy smazte. objevi se log, ten rad uvidim

Hron · #15 Příspěvek od **Hron** » 21 úno 2013 12:25

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.02.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Administrator :: OP [administrátor]

Ochrana: Povolena

20.2.2013 23:14:39
mbam-log-2013-02-20 (23-14-39).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 506579
Uplynulý čas: 2 hodin, 2 minut, 59 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 3
HKCU\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Přesun do karantény a smazání se zdařilo.
C:\Users\ADMINISTRATOR\AppData\Roaming\svchost.exe (Trojan.Agent) -> Přesun do karantény a smazání se zdařilo.

(konec)

VIRY.CZ

Prosím o kontrolu

Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu